32ad60e9143ec254502ca197c2b8fe913cce1dd91f1ac6a94c5009b71aba5baa

Analysis

max time kernel
155s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2023 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

five-nights-at-maggie-s.exe
Size

354.6MB
MD5

da30baeab6ee4cf48a99bfa8a8ccec5b
SHA1

2538f3702cc88cd0c1e636c2d5715ef08c09e9bf
SHA256

32ad60e9143ec254502ca197c2b8fe913cce1dd91f1ac6a94c5009b71aba5baa
SHA512

6cc09e06ce7b3956aeb0855fa63ddc377ab6aec052cc898cc9054c4a759c672bf4ea8fca25596db52de165e7d7404755b2af4e4f40f7418754a946ee7228a8e2
SSDEEP

3145728:oNOz92wf315ZpuWAVZnxojEMCjKZI1EqHrdy58:oNoLf3/ZpA7nkad1EwRym

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe
2916	five-nights-at-maggie-s.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2916	five-nights-at-maggie-s.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4944	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4944	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\five-nights-at-maggie-s.exe
"C:\Users\Admin\AppData\Local\Temp\five-nights-at-maggie-s.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f0 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\cctrans.dll

Filesize
141KB

MD5
ce3a36f85d2ea504b6d19c5f366c3f47

SHA1
972629c730b65c17ac2c751aafeb612d0c7432f2

SHA256
55e75e784e436cccd978192fba869656f879f0f126e99b375c3849c99872ec56

SHA512
c6df293b4373552c3165ac27f2070973a8278bc72001a8c10f300ea30699a03811dc6a84864ff22aaa2b35d1ec75d41ceb2a8fee85b5404d4a5bbfd8333f248c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\kcini.mfx

Filesize
114KB

MD5
7c0cb7fdc0d3519520cd4b8137edbd80

SHA1
bd4eddd8316a51baf4a3ae68b56acfbba734f46c

SHA256
d1471b2685d45956c323baa2cab11dfe479eb1021f04e2949f03557527c5fc84

SHA512
601c16892bef77d5842e0778f27d4f82e19ae66333b2b75c9a34b3ba6441169946e1167ceb21ed270bddba305abfe50f2e8f8ab2e9dc410c96a31944e597034a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\mmf2d3d9.dll

Filesize
1.1MB

MD5
72bb9180f8905c0da95566b778cdac5e

SHA1
e96145e8120514092b35f67f1f120b958997f921

SHA256
3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

SHA512
c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\mmfs2.dll

Filesize
509KB

MD5
98f647d1ed220e1d715aed9dcf69f387

SHA1
d1d9f5361672553a394bee9afe1d30814dd0ac53

SHA256
3a288448e88a296b2bceeaf093e76a22e3083e937a3c4efeb6a61565ca7e35df

SHA512
e950658b0afdad722a9f243bb8ae7fbc1c541dd0513379ef9e1d99becf8b31b4098c6789204baf3f15ea26f43af665edaa9799a6617373009def81bb20f02a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\waveFlt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\waveFlt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\Maggies

Filesize
18B

MD5
0a19476513986f6dcccb48ea82c1ebf2

SHA1
63d696e3ed636005b8d592b17c52bd110d40f81b

SHA256
8eeab23ab5d2036d9cb3668a037d700ff370fbf694873a6379c784d643b134ee

SHA512
d30120358245565c48c643265e67d997f879c74a7d39d33e9eb78ef5233d83895bc4810affc7f119b9d4e0ee9529b3154cecdc2d3a06db5ef413bef2c72f9758

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\Maggies

Filesize
36B

MD5
0d4d4da19fbe8792631e1db9ed412223

SHA1
27590a390d63e13b4a4cee1ba0dd87775c49371c

SHA256
5df3bea82640c293321c899348d1c76209ff043893491fdaf9f9fa9c96af1780

SHA512
d6971af1d5762995e4c09d7ca8a3f4874d63f8234c20c2277eb7d2621bcb81d56c787b731cdb875a6b2aaf72c1da0fe3a432a7bd46452455c6bb7300478f8ec7

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\Maggies

Filesize
36B

MD5
0d4d4da19fbe8792631e1db9ed412223

SHA1
27590a390d63e13b4a4cee1ba0dd87775c49371c

SHA256
5df3bea82640c293321c899348d1c76209ff043893491fdaf9f9fa9c96af1780

SHA512
d6971af1d5762995e4c09d7ca8a3f4874d63f8234c20c2277eb7d2621bcb81d56c787b731cdb875a6b2aaf72c1da0fe3a432a7bd46452455c6bb7300478f8ec7

Download Submit
memory/2916-155-0x0000000000EC0000-0x0000000000EE4000-memory.dmp

Filesize
144KB

Download